Do Not Complicate Routing Security with Voodoo Economics

Michael Schapira ms7 at CS.Princeton.EDU
Mon Sep 5 14:25:50 UTC 2011

On Sep 5, 2011, at 11:55 AM, Dobbins, Roland wrote:

> The idea of origin validation is a simple one.  The idea of path validation isn't to determine the 'correctness' or 'desirability' of a
> particular AS-path, but rather to determine the *validity* (or at least the *feasability*) of a given AS-path.

Sorry, I was misunderstood. To clarify, I was referring only to our work (, where security does play a small role in the route selection process (after LocalPref and AS-PATH length), and not to the BGPsec spec. The reason why we assume that security affects the route selection process is because otherwise, even an AS that deploys S*BGP, remains vulnerable to attacks. To see why, take a look at slides 10-13 of our NANOG presentation (, video available at The basic idea is: if an AS prefers short paths over secure paths they'll be just as vulnerable to path-shortening attacks with and without S*BGP.

More information about the NANOG mailing list